OAuth 2.0 Flow Explorer

Explore and test OAuth 2.0 flows. Build authorization URLs, generate PKCE challenges, and test real flows against your auth server — all in the browser.

Flow Steps

Client → Auth Server

1. Authorization Request

Redirect user to authorization endpoint with client_id, redirect_uri, scope, state, and response_type=code

Auth Server → User

2. Login & Consent

Authorization server presents login page and consent screen to the user

User → Auth Server

3. Grant Access

User authenticates and grants the requested permissions

Auth Server → Client

4. Authorization Code

Auth server redirects back to redirect_uri with authorization code and state parameter

Client → Auth Server

5. Token Exchange

Client exchanges authorization code for tokens by sending code, client_id, client_secret, and redirect_uri to token endpoint

Auth Server → Client

6. Access Token

Auth server validates code and returns access_token, refresh_token, token_type, and expires_in

Request Builder

Authorization URL

Token URL

Client ID

Client Secret

Redirect URI

Scope

State

Generated Requests & Responses

Authorization URL

https://auth.example.com/authorize?response_type=code&client_id=my-client-id&redirect_uri=&scope=openid+profile+email

Example Callback

?code=SplxlOBeZQQYbYS6WxSbIA

Token Request Body

grant_type=authorization_code&code=SplxlOBeZQQYbYS6WxSbIA&redirect_uri=&client_id=my-client-id&client_secret=my-client-secret

Example Token Response

{
  "access_token": "ya29.a0AfH6SMBx...example",
  "token_type": "Bearer",
  "expires_in": 3600,
  "refresh_token": "1//0gdBpR...example",
  "scope": "openid profile email"
}

Flow Steps

Request Builder

Generated Requests & Responses

Test Flow